Not able to execute the commands in same sudo session - linux

I am not able to execute the touch command below in the same session as user weblogic. Instead, the touch command executes as user djaiswa2 and fails [because it is trying to access a path whose owner is weblogic].
[djaiswa2@cdcesb01 tmp]$ cat test.sh
#!/bin/bash
sudo su - weblogic;
touch /opt/middleware/.ssh/authorized_keys;
chmod 755 /opt/middleware/.ssh/authorized_keys;
[djaiswa2@cdcesb01 tmp]$ sh -x test.sh
+ sudo su - weblogic
Last login: Thu Aug 26 00:38:06 EDT 2021 on pts/0
-bash-4.2$ exit
logout
+ touch /opt/middleware/.ssh/authorized_keys
touch: cannot touch ‘/opt/middleware/.ssh/authorized_keys’: Permission denied
+ chmod 755 /opt/middleware/.ssh/authorized_keys
chmod: cannot access ‘/opt/middleware/.ssh/authorized_keys’: No such file or directory

You need to use the su command with the -c option to specify the commands to be executed.
For example:
sudo su - weblogic -c "touch /opt/middleware/.ssh/authorized_keys; chmod 755 /opt/middleware/.ssh/authorized_keys"

Related

Handle permissions with groups in linux

I can't understand how exactly this works in Linux.
For example, I want only users in some group to have access to execute some file (I hope this is possible without visudo).
I create a system user and system group like:
useradd -K UID_MIN=100 -K UID_MAX=499 -K GID_MIN=100 -K GID_MAX=499 -p \* -s /sbin/nologin -c "testusr daemon,,," -d "/var/testusr" testusr
I add my current user, user, to the group testusr (this may not be cross-platform):
adduser user testusr
I create some test shell file and set permissions:
touch test.sh
chmod ug+x test.sh
sudo chown testusr:testusr test.sh
But I still can't start test.sh as user:
./test.sh
-> Error
Now I look for some system groups like cdrom to check how they work. My user is in cdrom group and can use the cd rom on my computer:
$ ls -al /dev/cdrom
lrwxrwxrwx 1 root root 3 апр. 17 12:55 /dev/cdrom -> sr0
$ ls -al /dev/sr0
brw-rw----+ 1 root cdrom 11, 0 апр. 17 12:55 /dev/sr0
Addition:
./test.sh command starts to work as I want after system reboot. Strange...
I'm on Ubuntu Studio 15.10
The group changes are reflected only upon re-login.

su command in shell script

I have a script which copies a file, then untars and installs it (agent-service) on multiple systems (IPs are read from the systems.txt file). In the script, I wanted to start the agent-service as user "test". However, after the script execution, when I check the target system, the agent-service is shown as running as the "root" user. What could be wrong here? Am I not using the su command correctly within the script?
~]# ps -ef | grep agent-service
root 23511 15196 0 02:12 pts/3 00:00:00 agent-service
Script>
#!/bin/bash
export AGENT=linux-5.8.1.tar.gz
while read host; do
scp $AGENT root@$host:/opt
ssh -n root@$host 'cd /opt/linux;
tar zxvf linux-5.8.1.tar.gz;
mkdir /opt/hyperic;
useradd -m test;
chown -R test:test /opt/linux;
su - test;
/opt/linux/agent-service start'
done < systems.txt
Using su as you do here spawns a new shell that has nothing to do and thus exits immediately.
Either pass the command to su:
su - test -c "/opt/linux/agent-service start"
Or use sudo in a similar manner:
sudo -u test /opt/linux/agent-service start
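The pattern from this answer and from the weblogic answer further up, as an added example that is not part of the original posts: the whole command list is handed to a shell started as the target user, so no line falls back to the invoking user. The names run_as, setup_keys_as and KEY_SETUP are hypothetical, and the 700/600 modes are this example's choice (the modes the OpenSSH manual recommends for ~/.ssh and authorized_keys), not the 755 used in the question.

```bash
#!/bin/bash
# run_as USER CMD [ARG...]: run one command as USER, return its exit status.
run_as() (
    target=$1; shift
    if [ "$(id -un 2>/dev/null)" = "$target" ]; then
        "$@"                          # already that user, no switch needed
    else
        sudo -n -u "$target" -- "$@"  # -n: fail instead of prompting mid-script
    fi
)

# Commands to run as the target user; "$1" is the .ssh directory.
# Modes 700/600 are this example's choice (the question used 755).
KEY_SETUP='umask 077
mkdir -p "$1" && chmod 700 "$1" &&
touch "$1/authorized_keys" && chmod 600 "$1/authorized_keys"'

# setup_keys_as USER SSH_DIR: the shell started by run_as executes every
# line of KEY_SETUP as USER.
setup_keys_as() {
    run_as "$1" sh -c "$KEY_SETUP" sh "$2"
}

# Demo as the current user in a scratch directory (no sudo rule needed).
demo_dir=$(mktemp -d)
setup_keys_as "$(id -un)" "$demo_dir/.ssh" &&
    ls -ld "$demo_dir/.ssh" "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"

# On the system from the question (needs a sudoers rule for weblogic):
#   setup_keys_as weblogic /opt/middleware/.ssh
```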

maven: bash mvn permission denied

This is what I'm seeing:
mvn
bash: /usr/local/apache-maven/apache-maven-3.1.1/bin/mvn: Permission denied
My bash file:
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# User specific aliases and functions
JAVA_HOME=/usr/java/default
export JAVA_HOME
HADOOP_HOME=/usr/share/491s14/hadoop
export HADOOP_HOME
PATH=$PATH:$HOME/bin:$HADOOP_HOME/bin
export PATH
export M2_HOME=/usr/local/apache-maven/apache-maven-3.1.1
export M2=$M2_HOME/bin
PATH=$M2:$PATH
ls command:
ls -l /usr/local/apache-maven/apache-maven-3.1.1/bin/mvn
-rw-r--r--. 1 root root 5806 Feb 21 11:33 /usr/local/apache-maven/apache-maven-3.1.1/bin/mvn
file command:
file /usr/local/apache-maven/apache-maven-3.1.1/bin/mvn
/usr/local/apache-maven/apache-maven-3.1.1/bin/mvn: POSIX shell script text executable
Your permissions show that you can't execute that file. Modify the permissions for that file. If you want all the users on the machine to be able to execute that file, then do this:
chmod a+x /usr/local/apache-maven/apache-maven-3.1.1/bin/mvn
/usr/local/apache-maven/apache-maven-3.1.1/bin/mvn does not have the execute permission. This should be able to fix it:
chmod a+x /usr/local/apache-maven/apache-maven-3.1.1/bin/mvn
sudo chmod 777 <mvn location> fixed it. Man I suck at linux :P
You can try chmod +x <your-mvnw-file>. It does work.
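The answers above add only the execute bit with chmod a+x, while mode 777 also grants write access to every local user. The check below is an added example, not from the original posts, that lists files in a set of directories carrying that world-writable bit; the function names and the tool-a/tool-b files are constructed.

```bash
#!/bin/bash
# world_writable_in DIRLIST: print regular files, directly inside the
# colon-separated directories, that every local user may modify.
world_writable_in() (
    set -f; IFS=:
    for dir in $1; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -perm -0002 -print
    done
)

# Constructed demo: two copies of a script that start at 644, like mvn above.
make_demo() (
    d=$(mktemp -d)
    printf '#!/bin/sh\necho ok\n' > "$d/tool-a"
    cp "$d/tool-a" "$d/tool-b"
    chmod 644 "$d/tool-a" "$d/tool-b"
    chmod a+x "$d/tool-a"    # 644 -> 755: adds execute only
    chmod 777 "$d/tool-b"    # also lets any user rewrite the file
    printf '%s\n' "$d"
)

demo=$(make_demo)
world_writable_in "$demo"    # lists only tool-b
rm -rf "$demo"

# Real use, auditing the command search path:
#   world_writable_in "$PATH"
```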

Unable to execute script file with +x permission, even with sudo

I am unable to run scripts from a mounted partition. I have created a basic "Hello World" script that will execute from my home directory fine, but when I move it to the mounted partition, I am unable to execute the file.
$ ls -l
-rwxr-xr-x 1 user user 31 Mar 4 21:33 test.sh
$ ./test.sh
-bash: ./test.sh: Permission denied
$ sudo ./test.sh
[sudo] password for user:
sudo: unable to execute ./test.sh: Permission denied
$ cd ..
$ ls -l
drwxrwxrwx 6 user root 4096 Mar 4 21:34 sda5
I have no idea what to do.
ETA: I am able to use "bash test.sh" to execute the file, just not ./test.sh. I am able to do ./test.sh in the home directory.
The file system was mounted with noexec which prevented executing files.

Permission denied writing in directories with g+w mode on ubuntu

On ubuntu 10.04.4 server, I did this:
sudo mkdir -p /data/somedir
sudo chown -R www-data.www-data /data/somedir
sudo chmod -R g+w /data/somedir
sudo usermod -a -G www-data john ##john is current login user.
With these operations done, I am supposed to have write permission in /data/somedir. But when I did this:
echo "123" > /data/somedir/123
I got:
-bash: /data/somedir/123: Permission denied
The ls -l output:
$ ls -l /data/
total 4
drwxrwxr-x 2 www-data www-data 4096 2012-04-24 22:30 somedir
Question is: why? Is there something I still need to do after that?
Changes made with usermod only take effect on following logins; your existing login session does not yet have the www-data group, as you can verify with id. It is not easy to alter the identity of running processes (newgrp might work); the easiest way to deal is to log out and back in.
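The check this answer describes (and that also explains the testusr question further up), as an added example that is not part of the original posts: compare the groups the running session holds with the groups the account database grants now. The function names and the sample group lists are constructed.

```bash
#!/bin/bash
# missing_groups "DB_GROUPS" "SESSION_GROUPS": print each group that the
# account database grants but the running session does not hold.
missing_groups() (
    set -f
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
)

# session_missing_groups: compare this process with the database.
#   id -Gn        -> groups of the current process (fixed at login)
#   id -Gn USER   -> groups looked up now in /etc/group (or LDAP, ...)
session_missing_groups() {
    missing_groups "$(id -Gn "$(id -un)" 2>/dev/null)" "$(id -Gn)"
}

# Constructed values matching the www-data question: usermod has run,
# but the shell was started before it.
missing_groups "john adm www-data" "john adm"     # prints: www-data

stale=$(session_missing_groups)
if [ -n "$stale" ]; then
    echo "This session predates a group change; not yet active:" $stale
    echo "Log in again, or start a shell with: newgrp GROUP"
fi
```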
